Link to the University of Pittsburgh Homepage
Link to the University Library System Homepage Link to the Contact Us Form

Safety and consistency in policy-based authorization systems

Lee, AJ and Winslett, M (2006) Safety and consistency in policy-based authorization systems. In: UNSPECIFIED UNSPECIFIED, 124 - 133. ISBN UNSPECIFIED

[img] Plain Text (licence)
Available under License : See the attached license file.

Download (1kB)


In trust negotiation and other distributed proving systems, networked entities cooperate to form proofs that are justi?ed by collections of certi?ed attributes. These attributes may be obtained through interactions with any number of external entities and are collected and validated over an extended period of time. Though these collections of credentials in some ways resemble partial system snapshots,these systems currently lack the notion of a consistent global state in which the satisfaction of authorization policies should be checked. In this paper, we argue that unlike the notions of consistency studied in other areas of distributed computing, the level of consistency required during policy evaluation is predicated solely upon the security requirements of the policy evaluator. As such,there is little incentive for entities to participate in complicated consistency preservation schemes like those used in distributed computing,distributed databases, and distributed shared memory. We go on to show that the most intuitive notion of consistency fails to provide basic safety guarantees under certain circumstances and then propose several more refined notions of consistency which provide stronger safety guarantees. We provide algorithms that allow each of these re ?ned notions of consistency to be attained in practice with minimal overheads. Copyright 2006 ACM.


Social Networking:
Share |


Item Type: Book Section
Status: Published
CreatorsEmailPitt UsernameORCID
Lee, AJadamlee@pitt.eduADAMLEE
Winslett, M
Date: 1 December 2006
Date Type: Publication
Journal or Publication Title: Proceedings of the ACM Conference on Computer and Communications Security
Page Range: 124 - 133
Event Type: Conference
DOI or Unique Handle: 10.1145/1180405.1180422
Schools and Programs: Dietrich School of Arts and Sciences > Computer Science
Refereed: Yes
ISSN: 1543-7221
Date Deposited: 05 Dec 2012 20:26
Last Modified: 02 Feb 2019 16:56


Monthly Views for the past 3 years

Plum Analytics

Actions (login required)

View Item View Item